by David Strom

Instant Messaging (IM) has come of age and is close to becoming one of those protocols that offers something for
everyone. Once the province of chatty teens looking to replace phone conversations with electronic ones, IM is now a
corporate mainstay and part of a new breed of applications that are built around “presence detection,” the ability to
determine when someone—or something—is online and available to communicate.

Indeed, IM is rapidly spreading across the corporate world and becoming an able replacement for overflowing voicemail and
e-mail inboxes that are clogged with spam and buried in irrelevant and non-time-sensitive postings. If you must get through
to a busy corporate executive, IM is becoming the fastest and most effective method of communicating. Move over,
CrackBerry.

IM offers several benefits today, having taken some lessons learned by other Internet protocols of the past. First, it has
a solid user and developer base. Second, it has a relatively simple building-block structure like the best of Internet
protocols, with well-defined clients and servers. Third, interoperability efforts are beginning to pay off among the leading
independent and private IM systems. Fourth, open-source rules are making inroads in all the right places. Fifth, Microsoft is
a friend (for once) of IM and helping matters—rather than playing its usual monopolist role in this space, the company is
actually encouraging future developments and interoperability. Finally, a new collection of advanced applications is taking
hold that will take advantage of the existing Internet and IM infrastructure and create some very sophisticated IM
applications.

Let’s examine more closely where IM originated, where it is going, and what the specific implications are for each of
these developments and for networking professionals. As a warning, this article by its very nature takes some positions on
products and vendors. These opinions are solely those of the author, and they represent nothing wider or more inclusive.

User Base

The IM servers are operated by either public network or private entities. The major difference between the two is that the
public systems operate across the Internet and can be accessed by any users who download the appropriate client software and
create their own identity. Message traffic is usually transmitted in plaintext and without any encryption whatsoever.

The private IM systems are usually maintained by a corporate IT department and operate behind firewalls; they offer
message encryption, message retention, and archiving; prepopulated buddy lists that are integrated into the corporate
authentication and directory servers; and better security and privacy that are specific to a particular set of corporate
users. These private systems are not available to the public and are designed strictly for employee communications or
communications among particular trading partners of the corporation.

The four most popular public IM systems are currently all in corporate hands: Microsoft, Yahoo, eBay/Skype, and AOL.
Actually, we should make that five systems because AOL owns two separate networks, AOL Instant Messenger (AIM) and I seek you
(ICQ). Introduced in November 1996, ICQ was actually the first general-purpose IM system combining presence or a list of
contacts with the ability to send messages. Other popular systems include the open-source Jabber and Tencent QQ, the latter
very popular in China. Estimates vary widely as to the total number of nonduplicated users—because many people have multiple
accounts and use multiple systems—but it is safe to say that more than 150 million users are active across all these systems
at any moment. The most recent estimates of active users are as follows: [1]

| IM System | Estimate of Active Users |
|---|---|
| AIM | 53 million active users |
| ICQ | 15 million active users |
| Skype | 10 million active users |
| MSN Messenger | 29 million active users |
| Yahoo Messenger | 21 million active users |
| Jabber | 13.5 million enterprise users |
| Tencent QQ | 10 million active users |

Why IM Is So Popular for Businesses

But these numbers are more about individuals using IM. They hide the real story over the past several years, the rise of
IM as a solid enterprise communications tool. Corporate IM usage has skyrocketed over the last several years, and one survey has
found IM users in more than 50 percent of American corporations [2]. As mentioned earlier, there are public and private IM
systems. The vast majority of the private IM systems are for institutional use for communications inside a company or among
several suppliers, customers, and other trading partners.

The largest players in the private IM space are Microsoft Office Live Communications Server and IBM/Lotus’ Sametime,
although Jabber Corporation (not to be confused with the Jabber Software Foundation) is also gaining a strong following. We
will discuss more about the role of open source in a moment, but first let’s examine the reasons why IM has become so popular
among so many business users.

First, workers have become more mobile and more difficult to track down. As secretarial support disappears and voicemail
becomes more the norm, you want to know when people are actually at their desk—or laptop—these days. Staffs are more
far-flung, and the global village becomes a lot smaller when you use IM to “talk” to someone halfway across the planet and
get an immediate response. Finding someone who is available requires more than just making a phone call or exchanging e-mail
messages. IM automatically tells you who is available—and who is not—at any given hour of the day.

Second, e-mail is no longer the productivity tool it once was because pipes are clogged with spam, viruses, and phishing
attacks. Getting a quick response—that is, within minutes—through e-mail now seems so quaint, so “last year.”

Third, IM enables better collaboration and a tighter sense of community. With IM, you can educate an entire team, give the
team feedback in real time, develop relationships, and cement the team together. It is a nice antidote and countermeasure to
connect all these home-based and remote workers.

Fourth, the next generation of IM is not just about text chats; it also offers solid integration with voice and video.
Voice and video calling is now part of Microsoft, Yahoo, Apple, and AOL IM software as well as part of the Skype network,
which pioneered the feature. These audio and video extensions are becoming more popular with the private Lotus and Microsoft
systems as well.

Finally, the real-time features of IM and its ability to track someone down no matter where they are located are
attractive to customers, partners, and suppliers that need a guaranteed method of communication. IM is becoming the critical
technology ingredient for corporations that are looking for faster response times, tying their customers closer together, and
enabling teleworkers to communicate across the globe.

Components

Following are some definitions and explanations for those unfamiliar with the world of IM. Every IM network is composed of
clients, servers, and protocols to connect them.

Each IM client has three major pieces:

A buddy list or roster of friends with whom you wish to communicate—The list is organized by groups that you specify,
such as “friends,” “work colleagues,” “family,” and so forth. The list indicates who is online, who is available to talk
to, and who is offline or blocked by the user from communicating. Users organize their buddies in different ways and have
complete control over the categories, naming conventions, and the like.

A separate window that shows the text chats in process—Users type in this window and view the responses of their
correspondents.

Any additional features for video and audio chats and for file transfers between users

The last item bears some further discussion. All major IM products are moving beyond their roots of simple text chats
toward more integrated and sophisticated communications, including real-time voice and video calls. Indeed, the mixture of
Voice over IP (VoIP) and IM is a potent and popular one, accounting for the rapid uptake in Skype’s adoption around
the world. To use Skype as an example (although Yahoo has begun offering similar phone calling features in its IM client, and
the others are soon to follow), users can make phone calls to land-line phone numbers for a few pennies per minute—even
calls to numbers in other countries. This is part of its attraction, along with voice mailboxes that are attached to a
particular IM username.

The IM server maintains the directory of user accounts and keeps track of who is online, and in most cases routes messages
among users. The major difference between an IM server and a Simple Mail Transfer Protocol (SMTP) e-mail server is
that the IM server operates in real time, sending messages back and forth between two users as they finish typing a line of
text. The servers also pass information in real time as to the availability of various users in the directory, when they come
online and change their “status” message.

Users can typically set their availability in one of many different modes:

Online and ready to receive messages

Away from the computer, in which case correspondents receive a message saying so (or whatever the user wishes to be
displayed)

Unavailable or offline

Blocked from anyone’s view for privacy reasons

This status message can be changed at the user’s discretion and is one of the main attractions for teens and other
hypercommunicators. You can actually track what people are doing (or at least, saying that they are doing), by monitoring
their status messages. (I am at the beach, I am taking a nap, I am at lunch, I am having coffee, and so forth.) For my
teenaged daughter, this is one way she documents her life and one way that her friends can keep track of her—having a cell
phone is not enough! There are numerous third-party add-ins to enhance your away message with clever graphics, hyperlinks to
various Websites, and other effluvia as well.

The combination of instant access and persistent status indicator is at the core of why IM is such a powerful application.
In a single window on your computer, you have a list of all your correspondents and can quickly determine who is online and
who is not.

On some systems, blocking works both universally, meaning that your presence is cloaked for everyone, and selectively, for
specific users with whom you do not wish to communicate or who you do not want to know your status, such as ex-spouses or
ex-colleagues.

In most IM networks, you can be signed on from only one computer at any given moment. If you attempt to sign on from a
second machine, you get an error message or your first computer is automatically logged out of the system. This is one way
for the network to keep track of where you are located, because you can be in only one place at any given time.

Each server uses the TCP/IP Internet infrastructure and communicates with its clients over an assigned port number across
the Internet. These ports can be blocked or proxied to different numbers, depending on the network administrator’s policies
toward IM traffic. Typical port numbers follow:

| IM System | Port Numbers |
|---|---|
| ICQ | 4000 |
| AIM | 5190–3 |
| XMPP | 5222–3 |
| MSNP (Microsoft) | 1863 |
| YMSG (Yahoo) | 5050 |
| Skype | 80, 443, and others |

Notice an interesting thing about Skype’s protocol: there is no single assigned port number. Users can set one of the
ports in its configuration settings, but Skype uses a series of ports to communicate. [3] This setup suggests several
concerns, which we address next.

The Dark Side

Although these are all compelling reasons for the rise of IM across the corporate network, all is not constructive with
IM. This section discusses problems specifically germane to Skype and problems with all IM products in general.

When the Skype client is installed on a computer, it picks a random port to communicate with other Skype computers, using
what is believed to be a form of Request for Comments (RFC) 3489 [4]. This process is similar to many network-based
games and peer-to-peer file-sharing products—no surprise because the developers of Skype worked on the Kazaa music
file-sharing software. Because of its programming model, Skype is adept at traversing Network Address Translation
(NAT) routers and can usually find a communications path to the outside world. Skype also encrypts all its message traffic,
and this fact coupled with random port usage and its peer-to-peer programming model makes it look very similar to some
malicious code that is unleashed across your network.

This is part of its charm and its challenge: network administrators who want to block Skype usage usually have a very
difficult time figuring out how to do so [5], and may have to resort to third-party blocking products or clever
configurations. One of the papers listed in [3] shows a way to block Skype using the popular open-source Squid caching proxy:
not only do you have to prevent outbound User Datagram Protocol (UDP) connections over port 443, but you also must
prevent connections to numeric IP addresses.
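The two blocking rules described above, combined with the port table from the Components section, can be expressed as a small egress-policy check. This is an added Python example, not code from the article or from the papers it cites; the flow-record layout, the function names, the sample flows, and the choice to deny every listed IM port are assumptions made for illustration.

```python
import ipaddress

# Client ports from the article's table, with the ranges 5190-3 and 5222-3 expanded.
IM_PORTS = {4000: "ICQ", 1863: "MSNP", 5050: "YMSG"}
IM_PORTS.update({p: "AIM" for p in range(5190, 5194)})
IM_PORTS.update({p: "XMPP" for p in range(5222, 5224)})


def is_ip_literal(host):
    """True for a numeric IPv4/IPv6 destination, with or without [] brackets."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def split_target(target):
    """Split 'host:port' or '[v6addr]:port' into (host, port)."""
    host, _, port = target.rpartition(":")
    return host.strip("[]"), int(port)


def decide(flow):
    """Return (action, reason) for one outbound flow record.

    flow is a dict (assumed layout): 'proto' is 'tcp' or 'udp', 'target' is
    'host:port', and 'connect' is True when the flow is an HTTP CONNECT
    request seen by the proxy.
    """
    host, port = split_target(flow["target"])
    if flow["proto"] == "udp" and port == 443:
        return "deny", "outbound UDP to port 443"
    if flow.get("connect") and is_ip_literal(host):
        return "deny", "proxy CONNECT to a numeric IP address"
    if port in IM_PORTS:
        return "deny", IM_PORTS[port] + " client port"
    return "allow", "no IM rule matched"


# Constructed sample flows (documentation address ranges, made-up host names).
SAMPLE_FLOWS = [
    {"proto": "tcp", "target": "login.example.net:5190"},
    {"proto": "tcp", "target": "talk.google.com:5222"},
    {"proto": "udp", "target": "198.51.100.7:443"},
    {"proto": "tcp", "target": "203.0.113.9:443", "connect": True},
    {"proto": "tcp", "target": "[2001:db8::1]:443", "connect": True},
    {"proto": "tcp", "target": "www.example.com:443", "connect": True},
    {"proto": "tcp", "target": "192.0.2.10:25"},
]


def audit(flows):
    """Return the action taken for each flow, in order."""
    return [decide(f)[0] for f in flows]


if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        action, reason = decide(f)
        print(f"{action:5} {f['proto']} {f['target']:28} {reason}")
```

The fixed-port rule covers the protocols that have an assigned port, while the UDP 443 and numeric-IP CONNECT rules are the ones aimed at a client that has none.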

Although Skype has its own problems because of the way it is designed, there are several significant drawbacks to
widespread adoption and deployment of any IM application. IM is not immune to infections, and just as its popularity is on
the increase, so are the ways to send malicious payloads and attacks. What makes matters worse with IM versus, say, e-mail, is
its very instant nature: an infection can easily spread across a network in a matter of seconds, given that users are logged
in, have long lists of users, and tend to think that any message coming from their respondents is more trusted than the
average e-mail. In addition, Internet chat has long been a mechanism for controlling large-scale bot-nets of zombie
computers, whose owners are unaware of such usage. Numerous virus authors have used exploits in Internet Relay Chat, for
example, to control their villains across the Internet.

To avoid these problems, many corporations have either designed their own or are using one of several commercial IM
protection products to screen incoming messages for particular patterns and methods of attack. The IM protection products
work just like antivirus products work with e-mail messages: they download pattern files on a regular basis from a central
server, and perform deep packet inspection across a perimeter to determine what is malicious and what is not.

Interoperability

Each public IM system is an island unto itself: users on one cannot easily communicate with users of another, unless one
of two things happens:

A user runs one of the multisystem client programs that allows them to sign in to multiple systems concurrently. Still,
using these types of products means that just the user can communicate with his or her “buddies” across systems. Many
mostly free products that enable this are available [6].

A private IM operator can combine more than one protocol inside the IM server application. This
approach means that clients need not know or care about other IM protocols, such as using Microsoft’s Live Communications
Server 2005 [7].

But variables are changing on the interoperability scene to make life better for IM users. First, efforts are under way
among the major operators to form better relationships with each other:

In October 2005, Yahoo and Microsoft announced plans to introduce interoperability between MSN and Yahoo Messenger by
mid-2006, using the Session Initiation Protocol (SIP).

In December 2005, AOL and Google announced a strategic partnership deal
where Google Talk users can talk with AIM and ICQ users provided they have an identity at AOL.

Second, both Microsoft and Apple have made efforts to include multiprotocol IM clients as part of their desktop operating
systems. Apple’s iChat in its latest Mac OS 10.4 Tiger, as an example, now supports AIM, Google Talk, and Jabber. Microsoft
has announced plans to support other networks in its next release of Windows Vista, expected later this year.

Finally, the private IM systems of Microsoft and Lotus both support multiple IM protocols, and are widening their support
for others, making them more useful for corporations.

Still, with all this activity, the IM interoperability scene is pretty poor: think where e-mail was in the early 1990s
with custom-crafted gateways and the like so that an MCIMail user could send messages to a CompuServe user.

Setting up two systems to talk to each other is neither simple nor obvious, and each pair of systems must be done
separately. So to add Google Talk to Trillian, a user would need to provide the server host name
(talk.google.com) and port number (5222). (By the way, Google Talk has the most helpful instructions
on how to set up a variety of third-party applications to connect to its servers.)

But that is not all—even if a user follows these instructions to set up cross-system connections, most systems can
exchange only plaintext messages. Video and voice chats between disparate systems are not generally supported, although
Apple’s iChat has done the best job so far in this arena. And even if users take the multiple-client approach, the structure
of their buddy lists is not always maintained and sometimes is presented in a single group of buddies, rather than separated
into the groups that were specified when initially setting up the IM account.

The other concern for cross-systems interoperability is a lack of support for privacy or online status. All of the IM
systems have the ability to create blacklists, or lists of users that cannot view your online status. These blacklists are
not necessarily preserved when running the multiple client systems.

The Rise of Open Source

There is hope on the interoperability scene, however, and that hope is spelled open source. The Jabber group of
programmers is growing, and the community is aggressively establishing a more pluralistic IM society. These steps revolve
around software using the protocol called the Extensible Messaging and Presence Protocol (XMPP), the IETF’s
formalization of the core protocols created by the Jabber open-source community in 1999, and contained in four RFCs [8, 9, 10,
and 11].

Jeremie Miller developed the original Jabber server in 1998. Now the project has reached critical mass. Notable is the
wide number of different server and client formulations that support XMPP. Jabber.com sells a commercial license, along with
a combination of General Public License (GPL)-based licensed servers and other commercial versions. The project has
supported the efforts of dozens of client implementations [12]. Last year, support reached a new milestone with Google Talk
and more recently the Gizmo Project using these protocols.

Numerous efforts are under way with these clients to extend basic IM functions into new areas, including providing more
sophisticated and secure communications, the ability to have multiple identities presented
(david@strom.com for work colleagues, dstrom@gmail.com for personal
communications) from the same IM client, and support for more interoperable communications between Jabber and private IM
systems.

At the heart of XMPP are Extensible Markup Language (XML) constructs and basic protocols. The core “transport”
layer for XMPP is an XML streaming protocol that makes it possible to exchange fragments of XML between any two network
endpoints. Authentication and channel encryption happen at the XML streaming layer using other IETF-standard protocols for
Simple Authentication and Security Layer [13] and Transport Layer Security [14].

Servers can connect to each other for interdomain communications, using the form of address for each user as
<user@domain>—similar to SMTP e-mail, and in many cases, the IM address is the same as one’s
Internet e-mail address to simplify things.

What is notable about using XMPP is that RFC 3921 also makes it possible to separate the messaging and presence functions
if desired (although most deployments offer both). This feature is helpful when building application-to-application
messaging that does not involve users typing text messages to each other, such as a server sending a network operator an
alert when it detects a problem.
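The XML streaming model, the user@domain addressing, and the split between presence and messaging described above, shown as an added Python example (not code from the article or from any Jabber project). It reads a stream incrementally and handles presence and message stanzas separately; the stream content and every address in it are constructed, the function names are assumptions, and the namespaces are the ones defined for XMPP in RFC 3920.

```python
from xml.etree.ElementTree import XMLPullParser

NS = "{jabber:client}"  # default namespace of client stanzas

# Constructed sample: one XMPP stream cut at arbitrary byte offsets, the way
# TCP might deliver it. The stream element is never closed during a session.
CHUNKS = [
    b"<stream:stream xmlns='jabber:client' "
    b"xmlns:stream='http://etherx.jabber.org/streams' "
    b"from='example.com' version='1.0'>",
    b"<presence from='juliet@example.com/laptop'><show>away</show><status>At lun",
    b"ch</status></presence><message from='monitor@example.com/srv1' to='noc@exa",
    b"mple.com/console'><body>disk /var is 95% full</body></message>",
    b"<presence from='romeo@example.net/phone' type='unavailable'/>",
    b"<presence from='noc@example.com/console'/>",
]


def bare_jid(jid):
    """Drop the resource part: user@domain/resource -> user@domain."""
    return jid.split("/", 1)[0]


def read_stream(chunks):
    """Feed the stream chunk by chunk; return (presence_by_user, messages)."""
    parser = XMLPullParser(events=("start", "end"))
    presence, messages = {}, []
    depth, root = 0, None
    for chunk in chunks:
        parser.feed(chunk)
        for event, elem in parser.read_events():
            if event == "start":
                depth += 1
                if depth == 1:
                    root = elem  # the long-lived <stream:stream> element
                continue
            depth -= 1
            if depth != 1:
                continue  # a child element closed, the stanza is not complete yet
            sender = bare_jid(elem.get("from", ""))
            if elem.tag == NS + "presence":
                if elem.get("type") == "unavailable":
                    presence[sender] = "offline"
                else:
                    # A presence stanza without <show/> means plainly available.
                    presence[sender] = elem.findtext(NS + "show") or "available"
            elif elem.tag == NS + "message":
                recipient = bare_jid(elem.get("to", ""))
                messages.append((sender, recipient, elem.findtext(NS + "body") or ""))
            root.remove(elem)  # free handled stanzas so the tree does not grow
    return presence, messages


if __name__ == "__main__":
    who, msgs = read_stream(CHUNKS)
    print(who)
    print(msgs)
```

The message stanza here is the application-to-application case: a monitoring process alerting an operator's address, with no presence information needed from the sender.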

The Jabber Software Foundation develops extensions to XMPP through a standards process centered on Jabber Enhancement
Proposals (JEPs), similar to the RFC process [15]. Currently, more than 30 active proposals have been developed,
extending IM into bookmarks, delayed messaging, and other areas.

What Microsoft Is Doing

Microsoft is heavily involved in the IM scene in three important areas. The company operates one of the larger public IM
networks, it includes an IM client as part of its Windows operating system, and it sells a private IM server called
Live Communications Server (LCS) that has some powerful interoperability features. What does this mean for the IM
community? All good things. Microsoft’s MSN and Skype are the more popular IM services outside of North America, and having
Skype now a part of eBay is making Microsoft add competitive features such as voice and video chats to its public IM service.
Microsoft has actually led the way on IM interoperability with LCS, a fact that can only motivate its competitors to include
more pluralist IM offerings of their own. Finally, building in more support for IM in future versions of Windows will help
popularize these applications even further.

It was not always this way. Earlier versions of Windows included something called Windows Messenger that was woefully
underfeatured and had many bugs. But like so many early Microsoft efforts, technology has improved over time, and now the
built-in software that comes with Windows is actually quite competitive with the public IM clients from AOL, Yahoo, and
Skype.

Certainly, having Microsoft on one side and open-source efforts on the other is a nice way to encourage development and
innovation in the IM arena, and we should expect more here in the future.

Building IM Applications

For most of this article we have addressed the one-to-one aspect of IM. However, IM is evolving into a much more important
role, and that is one-to-many communications, and communications between applications instead of actual people. Many vendors
have begun selling products in this space, and it is more interesting for several reasons:

First, IM is replacing other means for applications communications. It used to be the case that many network management
applications used the Simple Network Management Protocol (SNMP) or SMTP protocols to send out their alerts. Now,
many applications are using IM messages and taking advantage of the real-time nature of the protocol.

Second, the origins of IM go back to group chat sessions, so group collaboration tools make sense for new IM
applications.

Third, even the closed public IM vendors have begun to open their programming interfaces, making it easier for
corporations to build new and sophisticated applications that are presence-aware, in some cases allowing two computer programs
to communicate their status. AOL this year is one such example of opening its IM application programming interface
(API) kimono, and of course Jabber has always been an open system that has helped lead more of these innovations.

One illustration is with the automotive giant Reynolds and Reynolds, which is using Jabber servers to monitor its own
software status at the numerous automotive dealerships around the world. The IT department at Reynolds can quickly see if the
company’s software is down and take steps to get it working again.

Accredited Home Lenders is using IM to provide its loan brokers a secure and reliable means of communicating in real time
with loan specialists to resolve problems with loan applications. And Ecreation built a virtual disk jockey for a Dutch radio
station that also broadcasts over the Internet, allowing the station to take requests from listeners around the world through
Microsoft’s IM network.

Even traders have embraced IM. NetEnergy has been using IM for the past three years, and now negotiates trades between
buyers and sellers of oil contracts using IM, decreasing errors and enabling faster communications.

Finally, IM figures prominently in helping deaf and hard-of-hearing users communicate. In the era before IM, deaf users
required a telephone relay operator to type the message to them and speak to the hearing callers. Go America has built a
gateway to IM for its i711.com Website, so that deaf users can send
messages directly to the operator.

Summary

We have tried to paint a comprehensive picture of what IM is and where it is going. Certainly, the amount of messaging
traffic using the various IM protocols is impressive, and will continue to grow as these new applications are created and as
more people discover the advantages of using IM. In several instances IM has replaced voicemail for most internal
communications, particularly at high-tech companies and places where real-time communications is important. Although IM is
not without its problems, there are ways to protect networks from infection and abuse.

[6] Adium and iChat for the Mac, Gaim for Windows and Linux, Trillian Pro for Windows, WebMessenger for Windows
Mobile/Palm, and others.

[7] Microsoft’s Live Communications Server 2005 includes its Public IM connector for an additional charge. Lotus’ Sametime
has had AIM connectivity for several years, and will support other IM networks later this year.

DAVID STROM has been writing about Internet protocols and applications for nearly 20 years. Founding editor-in-chief for
Network Computing magazine, he was most recently the editor-in-chief for
tomshardware.com and related Websites. Strom has written two books
on Internet e-mail (with the doyenne of POP, Marshall T. Rose) and home networking and thousands of magazine articles for
most of the leading trade magazines in the IT, computing, and networking fields. He can be reached by e-mail at
david@strom.com, or by IM: davidstrom (AIM and Skype) or
dstrom (Yahoo, Google Talk, and MSN).